OneLogin hacked: Raises questions on selection of SSO Solutions

Password manager and single sign-on provider OneLogin was recently hacked. The company's chief security officer, Alvaro Hoyos, said it is working with law enforcement. OneLogin believes that all customers served by its US data centers are affected and that customer data was potentially compromised.

The company said: “Our review has shown that a threat actor obtained access to a set of keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US.”

The growing number of incidents like this one clearly shows the need to review the following when selecting an SSO solution:

The data centers used by the intermediate hosts (if any) of the SSO solution provider.

Whether the SSO solution should be used in the traditional “on-premises” mode rather than in cloud mode.

For information, ILANTUS uses only Microsoft Azure and no intermediate hosts. ILANTUS also provides both cloud and on-premises models.